STIGQter STIGQter: STIG Summary: Windows 2008 Member Server Security Technical Implementation Guide Version: 6 Release: 43 Benchmark Date: 26 Jul 2019: Reversible password encryption is not disabled.

DISA Rule

SV-29689r1_rule

Vulnerability Number

V-2372

Group Title

Reversible Password Encryption

Rule Version

3.057

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the system to prevent passwords from being saved using reverse encryption.

Check Contents

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.
If the value for “Store password using reversible encryption” is not disabled, then this is a finding.

Vulnerability Number

V-2372

Documentable

False

Rule Version

3.057

Severity Override Guidance

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.
If the value for “Store password using reversible encryption” is not disabled, then this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1340

Comments